How banks can secure SMS

How can banks secure SMS_head image

Every business has something to gain from B2C SMS communication. The financial sector, however, has more reasons to invest than most.

Banks and their branches use text message campaigns for a range of essential purposes. SMS is useful for keeping customers in the loop — “We’re updating our opening hours”; flagging suspicious activity — “Someone just logged into your account. Was this you?”; and maintaining PS2D compliance with two-factor authentication.

But SMS messaging has some inherent security challenges, too. Challenges that JT is working to overcome.

Why banks need to implement SMS

PSD2 regulations are a driving force for banks using SMS. PSD2 requires financial institutions to implement some form of multi-factor authentication and while that might seem simple on the surface, it’s a bit more complicated than it appears.

Bespoke banking apps could be used instead of SMS to enable multi-factor authentication and PS2D compliance. These apps would need to be deployed on different platforms though — risking unforeseen software constraints, compatibility issues and mounting costs.

SMS offers a simpler solution, because:

  • It is platform-agnostic; sending an SMS message to an iOS user is no different from sending one to an Android user.
  • SMS has an average open rate of 82%, far higher than that of banking/finance app notifications (46%) and emails (21.56%).
  • SMS is delivered quickly even with poor network connection, so minimal connectivity is required.

SMS security concerns: the challenge for financial institutions

Now that we’ve covered the benefits of SMS, let’s get down to the challenges. Because SMS has several major security concerns that can't be ignored — especially by financial institutions.

Consumers have their guard down when using SMS

Lack of consumer education is perhaps the greatest security risk surrounding SMS. Customers have learnt to be suspicious of unexpected emails and dodgy-looking downloads when browsing the web. But assuming SMS is always secure is a mistake many consumers still make today.

In reality, SMS can be exploited just the same as emails, websites, and downloadable files. Since most users aren't looking out for these scams, however, they make simple errors and ignore red flags.

It also happens that SMS is an easier platform for hiding fraudulent activity. Every phone number looks more or less the same when it's not in your contact list and for a long time, mobile phones haven't had any default tools for marking SMS messages as spam. This leads to consumers interacting with fraudulent SMS content far too often.

SMS fraud is becoming more and more concerning

We’re seeing an increase in SMS fraud across the UK and indeed most of the world. The events of 2020 played a key role in this. People spent more time shopping and managing money on their smartphones than in previous years. They were also connected to unsecured home networks for much of that time.

This led to £34.5 million being stolen from UK customers between March 2020 and March 2021. Bear in mind that mobile phishing - or ‘smishing’ as it now called in the industry - is just one form of fraudulent activity that can occur over SMS. SIM swap fraud and general spam are also high-level concerns.

How JT is helping secure SMS

It's not all bad news. Pioneering mobile operators like JT are working on solutions to help the market (and especially financial institutions) improve their SMS security.

Advanced carrier firewalls

JT will soon be offering advanced carrier firewalls to its customers. These systems will scan every SMS that moves through the JT network, checking its sender against a known database of “good” or “bad” SIMs and used advanced machine-learning techniques to identify fraudulent messages before they get delivered to end-users.

If suspicious activity is detected, the message will either be blocked entirely or sent to the user with a warning message attached.

Zero-hop traffic and direct routes

SMS campaigns sent through JT utilise zero-hop traffic and direct routing.

Our zero-hop promise means that SMS messages will never be redirected over cheaper, less secure networks. Instead, JT works only with direct routes and secure agreements — sending an SMS straight to the individual through its own network, or that of a trusted partner.

The result may be a bit more costly than suppliers using low-cost SIM farms and grey routes, but it’s a wise investment for banks looking to secure their SMS.

Work with the most secure B2C SMS operator in the market

Security will continue to be a consideration for SMS well into the future. The risks won’t go away easily and it’s up to financial institutions and the providers they use to mitigate those risks to the best of their ability.

Secure SMS service for critical messages is wholly achievable by investing in the tightest SMS infrastructures and continuing to educate customers and each other on the growing, evolving, threat. 

To learn more about our pioneering SMS services, contact us today.